Gemini, Uber's Data Breaches Show Third-Party Risk Can't Be Ignored
Check out all the Smart Security Summit on-demand sessions here.
Third-party risk is one of the most overlooked threats to enterprise security. Research shows that in the past 12 months, 54% of organizations have experienced third-party data breaches. This week alone, Uber and cryptocurrency exchange Gemini have been added to this list.
Most recently, Gemini suffered a data breach after hackers hacked into a third-party vendor's systems and gained access to 5.7 million emails and partially obfuscated phone numbers.
In a blog post about the breach, Gemini acknowledged that while no account information or systems were affected, some customers may have been targeted by phishing campaigns as a result of the breach.
While the information exposed in the Gemini breach is limited to emails and partial phone numbers, the hack highlights that targeting third-party vendors is a reliable way for threat actors to collect information for use in social engineering scams and other attacks.
Why third parties are an easy target for data breachesIn the case of the Uber breach, hackers first gained access to Teqtivity's internal systems and an AWS server, before exfiltrating and leaking account information and personally identifying information (PII) of approximately 77,000 Uber employees.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereAlthough the Uber and Gemini breaches are separate incidents, both organizations had to pick up the pieces and control the damage after a third-party vendor's security protections failed.
"Overall, lost email addresses aren't the worst pieces of data to use; however, it's a stark reminder that businesses will always come under attack for breaches that (allegedly) occur. produce with their third-party vendors,” said John Bambenek, principal threat hunter at Netenrich.
When considering these incidents as part of the broader trend of third-party breaches, it appears that threat actors are well aware that third-party vendors are a relatively simple entry point to systems downstream organizations.
After all, an organization must not only trust the security measures of its IT vendors and cede control of its data, but it must also be confident that the vendors will report cybersecurity incidents when they occur.
Unfortunately, many companies work with third-party vendors that they don't fully trust. Only 39% of companies are convinced that a third
Check out all the Smart Security Summit on-demand sessions here.
Third-party risk is one of the most overlooked threats to enterprise security. Research shows that in the past 12 months, 54% of organizations have experienced third-party data breaches. This week alone, Uber and cryptocurrency exchange Gemini have been added to this list.
Most recently, Gemini suffered a data breach after hackers hacked into a third-party vendor's systems and gained access to 5.7 million emails and partially obfuscated phone numbers.
In a blog post about the breach, Gemini acknowledged that while no account information or systems were affected, some customers may have been targeted by phishing campaigns as a result of the breach.
While the information exposed in the Gemini breach is limited to emails and partial phone numbers, the hack highlights that targeting third-party vendors is a reliable way for threat actors to collect information for use in social engineering scams and other attacks.
Why third parties are an easy target for data breachesIn the case of the Uber breach, hackers first gained access to Teqtivity's internal systems and an AWS server, before exfiltrating and leaking account information and personally identifying information (PII) of approximately 77,000 Uber employees.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereAlthough the Uber and Gemini breaches are separate incidents, both organizations had to pick up the pieces and control the damage after a third-party vendor's security protections failed.
"Overall, lost email addresses aren't the worst pieces of data to use; however, it's a stark reminder that businesses will always come under attack for breaches that (allegedly) occur. produce with their third-party vendors,” said John Bambenek, principal threat hunter at Netenrich.
When considering these incidents as part of the broader trend of third-party breaches, it appears that threat actors are well aware that third-party vendors are a relatively simple entry point to systems downstream organizations.
After all, an organization must not only trust the security measures of its IT vendors and cede control of its data, but it must also be confident that the vendors will report cybersecurity incidents when they occur.
Unfortunately, many companies work with third-party vendors that they don't fully trust. Only 39% of companies are convinced that a third
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
